[PATCH 1/1] Use PKCS#7 for asymmetric decryption


Bastian Germann

Jun 21, 2024, 2:07:04 PM (12 days ago) Jun 21
to swup...@googlegroups.com, Bastian Germann
Instead of applying CMS functions for the asymmetric decryption, use the
corresponding PKCS7 functions, which are mostly supported by wolfSSL as
well. The only missing function is PKCS7_decrypt.

Link: https://github.com/wolfSSL/wolfssl/issues/7672
Signed-off-by: Bastian Germann <ba...@debian.org>
---
corelib/swupdate_cms_decrypt.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/corelib/swupdate_cms_decrypt.c b/corelib/swupdate_cms_decrypt.c
index 45aa596f..72ac744c 100644
--- a/corelib/swupdate_cms_decrypt.c
+++ b/corelib/swupdate_cms_decrypt.c
@@ -64,13 +64,13 @@ err:
int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, const char *outfile)
{
BIO *in = NULL, *out = NULL;
- CMS_ContentInfo *cms = NULL;
+ PKCS7 *pkcs7 = NULL;
int ret = 0;

if (!dgst || !infile || !outfile)
return 1;

- /* Open CMS message to decrypt */
+ /* Open message to decrypt */
in = BIO_new_file(infile, "rb");
if (!in) {
ERROR("%s cannot be opened", infile);
@@ -79,9 +79,9 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
}

/* Parse message */
- cms = d2i_CMS_bio(in, NULL);
- if (!cms) {
- ERROR("%s cannot be parsed as DER-encoded CMS blob", infile);
+ pkcs7 = d2i_PKCS7_bio(in, NULL);
+ if (!pkcs7) {
+ ERROR("%s cannot be parsed as DER-encoded PKCS#7 blob", infile);
ret = 1;
goto err;
}
@@ -99,8 +99,8 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
goto err;
}

- /* Decrypt CMS message */
- if (!CMS_decrypt(cms, dgst->asym_decryption_key, dgst->asym_decryption_cert, NULL, out, 0)) {
+ /* Decrypt message */
+ if (!PKCS7_decrypt(pkcs7, dgst->asym_decryption_key, dgst->asym_decryption_cert, out, 0)) {
ERR_print_errors_fp(stderr);
ERROR("Decrypting %s failed", infile);
ret = 1;
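Review bot: `PKCS7_decrypt` at the changed call handles only the PKCS#7 v1.5 subset of CMS, so this swap narrows the set of encrypted images the function accepts compared with `CMS_decrypt`. As far as I know, OpenSSL's PKCS7 code supports only RSA key-transport recipients identified by issuer and serial number, so images created with EC recipient keys, RSA-OAEP (`-keyopt rsa_padding_mode:oaep`), `-keyid`, or AES-GCM AuthEnvelopedData would stop decrypting, and what remains is PKCS#1 v1.5 key transport with unauthenticated content encryption. If that restriction is intended, state it next to the parse step in the earlier hunk, e.g. `/* Only PKCS#7-compatible EnvelopedData (RSA key transport) is accepted */`, and in the documentation for producing encrypted images; otherwise keep the CMS path for OpenSSL builds and select the PKCS7 calls only for wolfSSL. The body of `swupdate_decrypt_file` continues outside this hunk, so the handling after `ret = 1;` is not visible here.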
@@ -110,6 +110,6 @@ int swupdate_decrypt_file(struct swupdate_digest *dgst, const char *infile, cons
err:
BIO_free(in);
BIO_free(out);
- CMS_ContentInfo_free(cms);
+ PKCS7_free(pkcs7);
return ret;
}
--
2.45.2
